New research suggests that data breaches from cyberattacks become twice as likely when hospitals go through a merger. Looking at data from 2010 to 2022, Nan Clement, a University of Texas at Dallas PhD candidate in the School of Economics, Political, and Policy Sciences, found that the probability of data breaches rose from 3% to 6% during a merger. Clement published her findings in a peer-reviewed paper.
According to the paper, the risks increase during a merger due to several factors, from outside hackers and from internal misconduct. One of the primary modes of cyberattack is ransomware, which not only exposes patient data can interrupt hospital operations..
Hackers may target a hospital during a merger because information about the deal in the media heightens the profile of the hospital. It also becomes more attractive for hackers as financial resources become more concentrated.
Another possible reason for the increase in data breaches is simply that hackers find large institutions in the midst of a transition to be good targets and may make more sense from a cost-benefit perspective.
On the internal side, during transitions, employees may make honest mistakes but there may also be malicious misconduct as well. During transitions, there may be inefficient risk control that may lead to data breaches. But other problems, like incompatibility issues may also leave hospitals vulnerable to hackers. The paper notes that a more complicated IT integration process may lead to an increase in post-merger breaches.
The results of the analysis suggest the need for better and earlier planning when it comes to IT integration so that hospitals in the process of a merger are better protected during the pre- and post-merger periods.
Photo 268668724 © Dragoscondrea | Dreamstime.com